Attacks on web users are becoming all too common. Kaspersky Lab’s senior security researcher, Fabio Assolini, says “[The user] needs to know that an extension can access everything you do in the browser, all the data, passwords and the websites visited. So it’s very important not to install unknown extensions. The situation gets worse when the malicious extension is hosted in the official Chrome store, as we noticed in some attacks.” All versions of the Chrome browser list which permissions each and every extension is granted, and Assolini recommends that you check that list regularly. Even installing something as simple and well-known as an ad-blocker or a notepad for the browser can result in infection. He also recommends that Chrome users avoid installing any extension that asks for access to a ton of personal data, regardless of whether the program is trusted by others or not. Google has been taking steps towards protecting its users. In June 2013, Google updated Chrome so that extensions that were not in the Chrome Web store could not be installed on the browser. Any new extensions had to be added through the built-in “extensions” page. While many people complained, Google explained that this was because they could not remove all of the malicious extensions that existed on other websites, but they could control the ones available in their own store. Often, Google finds these extensions and quickly removes them not only from the Store, but from any browser that might have installed them before the company discovered them. In addition, Google also says they’ve started to analyze and test every extension that gets uploaded to the Web Store, and that they don’t even make it to the store if they are found to be malicious. However, this doesn’t mean you’re protected as extensions automatically update. This means that if a good extension is hijacked and infected, the next update will be malicious, even if the original download was not. The important thing that you can do in your web browsing is to verify that your extensions do not have any permissions they shouldn’t, whether you use Firefox or Chrome. In addition, be careful about what you install to ensure that you don’t accidentally introduce dangerous malware to your computer.
Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.